Knowledgebase: Advisories
Advisory: Removing Windows Installer With Embedded Tomcat for Workflow
Posted by Aly Essa, Last modified by Aly Essa on 18 September 2020 09:46 AM

Overview

For FileCatalyst Workflow and Webmail (discontinued), we have been producing a Windows-based installer that contained an embedded Tomcat. In the last five years, we have seen many vulnerabilities with Tomcat which have been exposed such as POODLE, Logjam and other man-in-the-middle attack variants. In some cases, Tomcat has been very responsive to patching CATALINA and in other instances, there has been the need to engineer a solution. 

For the Windows platform, we currently have two ways you can install the Workflow product (Standalone Tomcat and Embedded Tomcat) and when it comes to hardening Tomcat or patching or even migration there are variations in the instruction sets. This leads to confusion, loss of productivity and ultimately impacts production. In many cases, we have found that our clients who have used the Windows installer need to migrate away from it at some point to the standalone Tomcat installation.

One of our goals at FileCatalyst is to make our products easier to use. As of November 30th, 2020, we will be removing the Windows Installer and standardizing our installs across Linux and Windows.

We will have migration documentation available on our KnowledgeBase and if you require assistance in migrating your instance you can always reach out to your FileCatalyst Account Executive to discuss your options.

Environment

FileCatlayst Workflow v5.1.2 and older
Windows OS only.